iatenorio Posted May 14, 2011 Share Posted May 14, 2011 Hello. I saw the new Post: " Without logging into your admin panel, hacker can access to your site via: http://[www.yoursite.com]/admin/categories.php/login.php?cPath=&action=new_product_preview https://[www.yoursite.com]/admin/file_manager.php/login.php To patch your site, open /admin/includes/application_top.php find: $current_page = basename($PHP_SELF); around Line 136 replace: $current_page = basename($_SERVER['SCRIPT_NAME']); " I checked and I don't have that string, I have the latest oscommerce version. What do I do? My php file is this one. What do I convert it to? <?php /* $Id$ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright © 2008 osCommerce Released under the GNU General Public License */ // start the timer for the page parse time log define('PAGE_PARSE_START_TIME', microtime()); // set the level of error reporting error_reporting(E_ALL & ~E_NOTICE); // check support for register_globals if (function_exists('ini_get') && (ini_get('register_globals') == false) && (PHP_VERSION < 4.3) ) { exit('Server Requirement Error: register_globals is disabled in your PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your catalog directory. Please use PHP 4.3+ if register_globals cannot be enabled on the server.'); } // load server configuration parameters if (file_exists('includes/local/configure.php')) { // for developers include('includes/local/configure.php'); } else { include('includes/configure.php'); } if (strlen(DB_SERVER) < 1) { if (is_dir('install')) { header('Location: install/index.php'); } } // define the project version --- obsolete, now retrieved with tep_get_version() define('PROJECT_VERSION', 'osCommerce Online Merchant v2.3'); // some code to solve compatibility issues require(DIR_WS_FUNCTIONS . 'compatibility.php'); // set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; // set php_self in the local scope $PHP_SELF = (((strlen(ini_get('cgi.fix_pathinfo')) > 0) && ((bool)ini_get('cgi.fix_pathinfo') == false)) || !isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) ? basename($HTTP_SERVER_VARS['PHP_SELF']) : basename($HTTP_SERVER_VARS['SCRIPT_NAME']); if ($request_type == 'NONSSL') { define('DIR_WS_CATALOG', DIR_WS_HTTP_CATALOG); } else { define('DIR_WS_CATALOG', DIR_WS_HTTPS_CATALOG); } // include the list of project filenames require(DIR_WS_INCLUDES . 'filenames.php'); // include the list of project database tables require(DIR_WS_INCLUDES . 'database_tables.php'); // include the database functions require(DIR_WS_FUNCTIONS . 'database.php'); // make a connection to the database... now tep_db_connect() or die('Unable to connect to database server!'); // set the application parameters $configuration_query = tep_db_query('select configuration_key as cfgKey, configuration_value as cfgValue from ' . TABLE_CONFIGURATION); while ($configuration = tep_db_fetch_array($configuration_query)) { define($configuration['cfgKey'], $configuration['cfgValue']); } // if gzip_compression is enabled, start to buffer the output if ( (GZIP_COMPRESSION == 'true') && ($ext_zlib_loaded = extension_loaded('zlib')) && (PHP_VERSION >= '4') ) { if (($ini_zlib_output_compression = (int)ini_get('zlib.output_compression')) < 1) { if (PHP_VERSION >= '4.0.4') { ob_start('ob_gzhandler'); } else { include(DIR_WS_FUNCTIONS . 'gzip_compression.php'); ob_start(); ob_implicit_flush(); } } else { ini_set('zlib.output_compression_level', GZIP_LEVEL); } } // set the HTTP GET parameters manually if search_engine_friendly_urls is enabled if (SEARCH_ENGINE_FRIENDLY_URLS == 'true') { if (strlen(getenv('PATH_INFO')) > 1) { $GET_array = array(); $PHP_SELF = str_replace(getenv('PATH_INFO'), '', $PHP_SELF); $vars = explode('/', substr(getenv('PATH_INFO'), 1)); do_magic_quotes_gpc($vars); for ($i=0, $n=sizeof($vars); $i<$n; $i++) { if (strpos($vars[$i], '[]')) { $GET_array[substr($vars[$i], 0, -2)][] = $vars[$i+1]; } else { $HTTP_GET_VARS[$vars[$i]] = $vars[$i+1]; } $i++; } if (sizeof($GET_array) > 0) { while (list($key, $value) = each($GET_array)) { $HTTP_GET_VARS[$key] = $value; } } } } // define general functions used application-wide require(DIR_WS_FUNCTIONS . 'general.php'); require(DIR_WS_FUNCTIONS . 'html_output.php'); // set the cookie domain $cookie_domain = (($request_type == 'NONSSL') ? HTTP_COOKIE_DOMAIN : HTTPS_COOKIE_DOMAIN); $cookie_path = (($request_type == 'NONSSL') ? HTTP_COOKIE_PATH : HTTPS_COOKIE_PATH); // include cache functions if enabled if (USE_CACHE == 'true') include(DIR_WS_FUNCTIONS . 'cache.php'); // include shopping cart class require(DIR_WS_CLASSES . 'shopping_cart.php'); // include navigation history class require(DIR_WS_CLASSES . 'navigation_history.php'); // define how the session functions will be used require(DIR_WS_FUNCTIONS . 'sessions.php'); // set the session name and save path tep_session_name('osCsid'); tep_session_save_path(SESSION_WRITE_DIRECTORY); // set the session cookie parameters if (function_exists('session_set_cookie_params')) { session_set_cookie_params(0, $cookie_path, $cookie_domain); } elseif (function_exists('ini_set')) { ini_set('session.cookie_lifetime', '0'); ini_set('session.cookie_path', $cookie_path); ini_set('session.cookie_domain', $cookie_domain); } @ini_set('session.use_only_cookies', (SESSION_FORCE_COOKIE_USE == 'True') ? 1 : 0); // set the session ID if it exists if (isset($HTTP_POST_VARS[tep_session_name()])) { tep_session_id($HTTP_POST_VARS[tep_session_name()]); } elseif ( ($request_type == 'SSL') && isset($HTTP_GET_VARS[tep_session_name()]) ) { tep_session_id($HTTP_GET_VARS[tep_session_name()]); } // start the session $session_started = false; if (SESSION_FORCE_COOKIE_USE == 'True') { tep_setcookie('cookie_test', 'please_accept_for_session', time()+60*60*24*30, $cookie_path, $cookie_domain); if (isset($HTTP_COOKIE_VARS['cookie_test'])) { tep_session_start(); $session_started = true; } } elseif (SESSION_BLOCK_SPIDERS == 'True') { $user_agent = strtolower(getenv('HTTP_USER_AGENT')); $spider_flag = false; if (tep_not_null($user_agent)) { $spiders = file(DIR_WS_INCLUDES . 'spiders.txt'); for ($i=0, $n=sizeof($spiders); $i<$n; $i++) { if (tep_not_null($spiders[$i])) { if (is_integer(strpos($user_agent, trim($spiders[$i])))) { $spider_flag = true; break; } } } } if ($spider_flag == false) { tep_session_start(); $session_started = true; } } else { tep_session_start(); $session_started = true; } if ( ($session_started == true) && (PHP_VERSION >= 4.3) && function_exists('ini_get') && (ini_get('register_globals') == false) ) { extract($_SESSION, EXTR_OVERWRITE+EXTR_REFS); } // initialize a session token if (!tep_session_is_registered('sessiontoken')) { $sessiontoken = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand()); tep_session_register('sessiontoken'); } // set SID once, even if empty $SID = (defined('SID') ? SID : ''); // verify the ssl_session_id if the feature is enabled if ( ($request_type == 'SSL') && (SESSION_CHECK_SSL_SESSION_ID == 'True') && (ENABLE_SSL == true) && ($session_started == true) ) { $ssl_session_id = getenv('SSL_SESSION_ID'); if (!tep_session_is_registered('SSL_SESSION_ID')) { $SESSION_SSL_ID = $ssl_session_id; tep_session_register('SESSION_SSL_ID'); } if ($SESSION_SSL_ID != $ssl_session_id) { tep_session_destroy(); tep_redirect(tep_href_link(FILENAME_SSL_CHECK)); } } // verify the browser user agent if the feature is enabled if (SESSION_CHECK_USER_AGENT == 'True') { $http_user_agent = getenv('HTTP_USER_AGENT'); if (!tep_session_is_registered('SESSION_USER_AGENT')) { $SESSION_USER_AGENT = $http_user_agent; tep_session_register('SESSION_USER_AGENT'); } if ($SESSION_USER_AGENT != $http_user_agent) { tep_session_destroy(); tep_redirect(tep_href_link(FILENAME_LOGIN)); } } // verify the IP address if the feature is enabled if (SESSION_CHECK_IP_ADDRESS == 'True') { $ip_address = tep_get_ip_address(); if (!tep_session_is_registered('SESSION_IP_ADDRESS')) { $SESSION_IP_ADDRESS = $ip_address; tep_session_register('SESSION_IP_ADDRESS'); } if ($SESSION_IP_ADDRESS != $ip_address) { tep_session_destroy(); tep_redirect(tep_href_link(FILENAME_LOGIN)); } } // create the shopping cart if (!tep_session_is_registered('cart') || !is_object($cart)) { tep_session_register('cart'); $cart = new shoppingCart; } // include currencies class and create an instance require(DIR_WS_CLASSES . 'currencies.php'); $currencies = new currencies(); // include the mail classes require(DIR_WS_CLASSES . 'mime.php'); require(DIR_WS_CLASSES . 'email.php'); // set the language if (!tep_session_is_registered('language') || isset($HTTP_GET_VARS['language'])) { if (!tep_session_is_registered('language')) { tep_session_register('language'); tep_session_register('languages_id'); } include(DIR_WS_CLASSES . 'language.php'); $lng = new language(); if (isset($HTTP_GET_VARS['language']) && tep_not_null($HTTP_GET_VARS['language'])) { $lng->set_language($HTTP_GET_VARS['language']); } else { $lng->get_browser_language(); } $language = $lng->language['directory']; $languages_id = $lng->language['id']; } // include the language translations require(DIR_WS_LANGUAGES . $language . '.php'); // currency if (!tep_session_is_registered('currency') || isset($HTTP_GET_VARS['currency']) || ( (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') && (LANGUAGE_CURRENCY != $currency) ) ) { if (!tep_session_is_registered('currency')) tep_session_register('currency'); if (isset($HTTP_GET_VARS['currency']) && $currencies->is_set($HTTP_GET_VARS['currency'])) { $currency = $HTTP_GET_VARS['currency']; } else { $currency = ((USE_DEFAULT_LANGUAGE_CURRENCY == 'true') && $currencies->is_set(LANGUAGE_CURRENCY)) ? LANGUAGE_CURRENCY : DEFAULT_CURRENCY; } } // navigation history if (!tep_session_is_registered('navigation') || !is_object($navigation)) { tep_session_register('navigation'); $navigation = new navigationHistory; } $navigation->add_current_page(); // action recorder include('includes/classes/action_recorder.php'); // Shopping cart actions if (isset($HTTP_GET_VARS['action'])) { // redirect the customer to a friendly cookie-must-be-enabled page if cookies are disabled if ($session_started == false) { tep_redirect(tep_href_link(FILENAME_COOKIE_USAGE)); } if (DISPLAY_CART == 'true') { $goto = FILENAME_SHOPPING_CART; $parameters = array('action', 'cPath', 'products_id', 'pid'); } else { $goto = basename($PHP_SELF); if ($HTTP_GET_VARS['action'] == 'buy_now') { $parameters = array('action', 'pid', 'products_id'); } else { $parameters = array('action', 'pid'); } } switch ($HTTP_GET_VARS['action']) { // customer wants to update the product quantity in their shopping cart case 'update_product' : for ($i=0, $n=sizeof($HTTP_POST_VARS['products_id']); $i<$n; $i++) { if (in_array($HTTP_POST_VARS['products_id'][$i], (is_array($HTTP_POST_VARS['cart_delete']) ? $HTTP_POST_VARS['cart_delete'] : array()))) { $cart->remove($HTTP_POST_VARS['products_id'][$i]); } else { $attributes = ($HTTP_POST_VARS['id'][$HTTP_POST_VARS['products_id'][$i]]) ? $HTTP_POST_VARS['id'][$HTTP_POST_VARS['products_id'][$i]] : ''; $cart->add_cart($HTTP_POST_VARS['products_id'][$i], $HTTP_POST_VARS['cart_quantity'][$i], $attributes, false); } } tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters))); break; // customer adds a product from the products page case 'add_product' : if (isset($HTTP_POST_VARS['products_id']) && is_numeric($HTTP_POST_VARS['products_id'])) { $attributes = isset($HTTP_POST_VARS['id']) ? $HTTP_POST_VARS['id'] : ''; $cart->add_cart($HTTP_POST_VARS['products_id'], $cart->get_quantity(tep_get_uprid($HTTP_POST_VARS['products_id'], $attributes))+1, $attributes); } tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters))); break; // customer removes a product from their shopping cart case 'remove_product' : if (isset($HTTP_GET_VARS['products_id'])) { $cart->remove($HTTP_GET_VARS['products_id']); } tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters))); break; // performed by the 'buy now' button in product listings and review page case 'buy_now' : if (isset($HTTP_GET_VARS['products_id'])) { if (tep_has_product_attributes($HTTP_GET_VARS['products_id'])) { tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['products_id'])); } else { $cart->add_cart($HTTP_GET_VARS['products_id'], $cart->get_quantity($HTTP_GET_VARS['products_id'])+1); } } tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters))); break; case 'notify' : if (tep_session_is_registered('customer_id')) { if (isset($HTTP_GET_VARS['products_id'])) { $notify = $HTTP_GET_VARS['products_id']; } elseif (isset($HTTP_GET_VARS['notify'])) { $notify = $HTTP_GET_VARS['notify']; } elseif (isset($HTTP_POST_VARS['notify'])) { $notify = $HTTP_POST_VARS['notify']; } else { tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action', 'notify')))); } if (!is_array($notify)) $notify = array($notify); for ($i=0, $n=sizeof($notify); $i<$n; $i++) { $check_query = tep_db_query("select count(*) as count from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . $notify[$i] . "' and customers_id = '" . $customer_id . "'"); $check = tep_db_fetch_array($check_query); if ($check['count'] < 1) { tep_db_query("insert into " . TABLE_PRODUCTS_NOTIFICATIONS . " (products_id, customers_id, date_added) values ('" . $notify[$i] . "', '" . $customer_id . "', now())"); } } tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action', 'notify')))); } else { $navigation->set_snapshot(); tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL')); } break; case 'notify_remove' : if (tep_session_is_registered('customer_id') && isset($HTTP_GET_VARS['products_id'])) { $check_query = tep_db_query("select count(*) as count from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . $HTTP_GET_VARS['products_id'] . "' and customers_id = '" . $customer_id . "'"); $check = tep_db_fetch_array($check_query); if ($check['count'] > 0) { tep_db_query("delete from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . $HTTP_GET_VARS['products_id'] . "' and customers_id = '" . $customer_id . "'"); } tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')))); } else { $navigation->set_snapshot(); tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL')); } break; case 'cust_order' : if (tep_session_is_registered('customer_id') && isset($HTTP_GET_VARS['pid'])) { if (tep_has_product_attributes($HTTP_GET_VARS['pid'])) { tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['pid'])); } else { $cart->add_cart($HTTP_GET_VARS['pid'], $cart->get_quantity($HTTP_GET_VARS['pid'])+1); } } tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters))); break; } } // include the who's online functions require(DIR_WS_FUNCTIONS . 'whos_online.php'); tep_update_whos_online(); // include the password crypto functions require(DIR_WS_FUNCTIONS . 'password_funcs.php'); // include validation functions (right now only email address) require(DIR_WS_FUNCTIONS . 'validations.php'); // split-page-results require(DIR_WS_CLASSES . 'split_page_results.php'); // infobox require(DIR_WS_CLASSES . 'boxes.php'); // auto activate and expire banners require(DIR_WS_FUNCTIONS . 'banner.php'); tep_activate_banners(); tep_expire_banners(); // auto expire special products require(DIR_WS_FUNCTIONS . 'specials.php'); tep_expire_specials(); require(DIR_WS_CLASSES . 'osc_template.php'); $oscTemplate = new oscTemplate(); // calculate category path if (isset($HTTP_GET_VARS['cPath'])) { $cPath = $HTTP_GET_VARS['cPath']; } elseif (isset($HTTP_GET_VARS['products_id']) && !isset($HTTP_GET_VARS['manufacturers_id'])) { $cPath = tep_get_product_path($HTTP_GET_VARS['products_id']); } else { $cPath = ''; } if (tep_not_null($cPath)) { $cPath_array = tep_parse_category_path($cPath); $cPath = implode('_', $cPath_array); $current_category_id = $cPath_array[(sizeof($cPath_array)-1)]; } else { $current_category_id = 0; } // include the breadcrumb class and start the breadcrumb trail require(DIR_WS_CLASSES . 'breadcrumb.php'); $breadcrumb = new breadcrumb; $breadcrumb->add(HEADER_TITLE_TOP, HTTP_SERVER); $breadcrumb->add(HEADER_TITLE_CATALOG, tep_href_link(FILENAME_DEFAULT)); // add category names or the manufacturer name to the breadcrumb trail if (isset($cPath_array)) { for ($i=0, $n=sizeof($cPath_array); $i<$n; $i++) { $categories_query = tep_db_query("select categories_name from " . TABLE_CATEGORIES_DESCRIPTION . " where categories_id = '" . (int)$cPath_array[$i] . "' and language_id = '" . (int)$languages_id . "'"); if (tep_db_num_rows($categories_query) > 0) { $categories = tep_db_fetch_array($categories_query); $breadcrumb->add($categories['categories_name'], tep_href_link(FILENAME_DEFAULT, 'cPath=' . implode('_', array_slice($cPath_array, 0, ($i+1))))); } else { break; } } } elseif (isset($HTTP_GET_VARS['manufacturers_id'])) { $manufacturers_query = tep_db_query("select manufacturers_name from " . TABLE_MANUFACTURERS . " where manufacturers_id = '" . (int)$HTTP_GET_VARS['manufacturers_id'] . "'"); if (tep_db_num_rows($manufacturers_query)) { $manufacturers = tep_db_fetch_array($manufacturers_query); $breadcrumb->add($manufacturers['manufacturers_name'], tep_href_link(FILENAME_DEFAULT, 'manufacturers_id=' . $HTTP_GET_VARS['manufacturers_id'])); } } // add the products model to the breadcrumb trail if (isset($HTTP_GET_VARS['products_id'])) { $model_query = tep_db_query("select products_model from " . TABLE_PRODUCTS . " where products_id = '" . (int)$HTTP_GET_VARS['products_id'] . "'"); if (tep_db_num_rows($model_query)) { $model = tep_db_fetch_array($model_query); $breadcrumb->add($model['products_model'], tep_href_link(FILENAME_PRODUCT_INFO, 'cPath=' . $cPath . '&products_id=' . $HTTP_GET_VARS['products_id'])); } } // initialize the message stack for output messages require(DIR_WS_CLASSES . 'message_stack.php'); $messageStack = new messageStack; ?> Link to comment Share on other sites More sharing options...
Taipo Posted May 14, 2011 Share Posted May 14, 2011 Other than someone sending you a message, what other evidence is there that someone has exploited your site? When you are logged out, what happens when you go to one of those URLs (http://[www.yoursite.com]/admin/categories.php/login.php?cPath=&action=new_product_preview)? Might just be scare tactics to get you to alter some code that doesnt need altering. - Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)- Another discussion about infected files ::here::- A discussion on file permissions ::here::- Site hacked? Should you upgrade or not, some thoughts ::here::- Fix the admin login bypass exploit here- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.